Archive for March, 2007

As promised, here follows what I hope will be an interesting overview of my interview experience as an intern candidate at Google, Microsoft and Apple.

Google

My interview at Google was probably the most unusual of the bunch. A long time ago (almost a year), one of my friends in the fellow reverse-engineering community contacted me about a job opportunity at a Google office in Montreal, working on a top-secret project, but which was related to my knowledge. I got to the phone screens, and had a great first interview. My second interview however didn’t go so well. It was the first time my interviewer was ever screening a candidate, and he kept me stuck on a single question. The question was related to a low-level structure change in a private datatype used in Vista’s kernel; this change was documented in a patent, which I always found fishy as an interview question. Nevertheless, I believe I answered correctly some of the more generic implementation details, but the interviewer kept coming back on the same question and seemed like he wanted to hear a precise answer. Additionally, it didn’t seem like the project was fully related to my field of expertise; unsurprisingly, I got a refusal letter two weeks later.

Fast forward eight months later, and the DRM hacking news appears on the Internet. I get a call from Google the day after about setting up some interviews. My interviews get cancelled a couple of days later, then rescheduled for Monday, after my return from the SCALE 5X talk. I have a short (and very interesting) conversation with someone at Google who would probably end up being my boss/mentor, and I get news a couple of days later that I got the job. And that’s about it.

Apple

My path to Apple was a long and ultimately rewarding one. I attended CUTC last January, already with knowledge that I would be interviewing with Microsoft later. Therefore, I avoided most of the smaller booths, avoided Microsoft since I already had an interview, as well as Google since, at the time, I had not received the phone call about a new opportunity. The only company that I still had some interest in during the job fair was Apple. This is mostly because during the day, I attended two sessions on Apple Development Tools. The first one was on Shark, which completely amazed me. There were lots of technical questions during the presentation, and I was always the only one answering them correctly, so the Apple people noticed me and asked me to come for a chat. I went to see them, and handed in my CV. The Apple recruiter was mostly looking for people to work on the iPod or Mac stuff, so my Windows Kernel experience didn’t seem relevant at first.

My friends got calls from Apple during the days after, I didn’t. I gave up on the opportunity since I thought they wouldn’t be interested. Two weeks later, I get a call from the recruiter saying she passed on my information to the OS X Kernel Team. After the DRM news, the Security Team gets interested as well. What followed after was the most exhausting interviewing process I’ve been through. Because Apple couldn’t fly me in (I don’t think they do that for non-local candidates), I had to go through the equivalent of the Microsoft interview process, but over the phone. Since I was actually interviewing with two teams, double the amount of time and people for an accurate depiction. In total, I believe I spoke with 9 or 10 Apple developers, managers and testers on both teams.

The questions were very technical, but not in the “optimize this algorithm” way. The engineers there seemed to be genuinely interested in my ideas, thought process, and solutions/problems I could find to various designs. One question I was asked, which I think I can share, is how a Hypervisor Rootkit would be more dangerous than a normal Kernel Rootkit, how to protect against that, as well as how to create a workable Hypervisor Patchguard-like system, what to look for, how to discriminate against the OS touching critical data, and malware, etc. There were also, of course, the general ReactOS/TinyKRNL questions as well as questions on my interest for the job/company.

I felt exhausted at the end of about the 1-2 weeks this process took, but I thought I had done very well on all the interviews. During my talk in Waterloo, I got a call saying I got offers from both teams, and had to choose one. I chose the Core OS kernel team, and received my offer in the mail a couple of days later.

Job Description: Kernel Developer. Working on various Darwin/OS X related undisclosed projects.
Phone Screens: 6, some were conference calls with multiple people on the line.
Campus Visit: No

Microsoft

My path at Microsoft started through various friends and contacts that I’ve made at the company in the last few months thanks to my security-related research and presentations/papers. They saw in me a really good candidate for the various security groups at Microsoft, and also on the actual NT Kernel Team. The interview process at Microsoft was both disappointing and amazing. First off, it started with a pretty technical phone screen. Unfortunately, my screen was on SQL, which I knew absolutely nothing about. However, my interviewer was very understanding, gave me a couple of hints, and I was able to identify and solve issues with “cursors”, something I had never even heard of. I was also asked some more generic and personality questions, and my opinion of the interview was that I did decently. I was also interviewed by one of the most prominent figures in SQL, working on the Core SQL Engine Group at Microsoft, and someone I deeply respect.

This interview led me to an actual invitation for a campus interview. This is where the disappointing part starts. My phone screen was sometime in October or November. It took about two months, by email, to get an actual interview date, and it ended up being in March. Therefore, even though Microsoft was my first confirmed interview, in the time frame that it took them to set something up for me, Apple and Google had the chance to hear about me, contact me, interview me and both send me offers. This created a very difficult problem for me in terms of various deadlines that the other offers had to meet. All in all, I didn’t feel that my RC (Recruiter Coordinator) was very communicative with me, and I had to rely on my connections inside the company to figure out what was going on. Contrast this with Apple which had everyone on their team calling me (which greatly raised my interest in the company) and even Google, who had one of their top engineers chat with me on the phone, and both companies kept in touch by email and phone relating my status, offers, interviews, etc. Microsoft’s replies, when available, were always robotic and template files.

However, this disappointment quickly faded away once I got on campus. Microsoft has the most amazing interviewing experience. First of all, not only do they pay all your expenses, you also get a generous amount of money to spend during your daily activities, and you’re encouraged to stay more than one day. Taxis are included, up to 75$ of food per day is included, museum visits, sightseeing, long-distance calls, Internet access and more are all free perks you get. Additionally, before your rounds start, Building 19 has various computers, big-screen TVs and XBOXes to fill up your time. You can also visit the campus, and even go see the Microsoft Museum, which has some unique artifacts you’re likely not to see anywhere else.

Once your interviews start, you’ll meet with a variety of people on the teams that are interviewing you. They are all very smart people and each of them has his or her own interviewing style. You’ll probably start out with coding questions/tricks, and move up to more high-level implementation/architecture stuff. My final interview was with a hiring manager, which consisted a lot more of personality and professional questions related to work habits, ethics, etc. I like the fact that the interviews seemed to test every part of the candidate, from your typical algorithm questions down to your pattern of thinking and answering hard business problems.

I had a serious issue with my work at Microsoft however. First of all, the deadlines for my other offers were Monday (and my interviews on a Friday). Secondly, I needed to know if I could ever work on ReactOS/TinyKRNL after my internship was over. The only people who could answer this were LCA, the Law and Corporate Affairs department of Microsoft, who are usually pretty hard to get by, especially on a weekend. I made it clear that two things were critical to me: being allowed to work on ReactOS after my internship was over, and working on the Base or Viridian Team.

It turns out I passed my interviews, and my understanding was that an offer could’ve been offered to me. Unfortunately, I was qualified as a “legal risk”, and they did not want to go forward with it, due to my work on ReactOS. It was made clear to me that I would have to choose between the two. Since this wasn’t a full time employment, and only my first internship in many to come, I didn’t want to sacrifice the project for an internship. Who knows if I didn’t like the Base Team? Or maybe I wanted to work in some other company later on, or maybe Microsoft would not want me anymore. The restriction of never having to work on ReactOS again seemed way too harsh — not even non-compete agreements are this permanent, but regardless, I can understand why Microsoft chose to do this. I am still very grateful for meeting all those smart people, and will be keeping in touch with them in the future.

Ultimately, because of the Microsoft situation, my choice became Apple vs Google. Both companies are dream companies to work for, and it wasn’t easy choosing between the two. Ultimately however, the work I would be doing at Apple was a lot more related to my core competencies (kernel development), and gave me the chance to discover a new architecture and OS design. I felt like some of my work at Google might be hindered by their requirement for computational/algorithm experience and my lack of a formal training in the matter (which won’t come until my next semesters). Also, Apple’s details about my work (which I can’t mention) clearly became the defining factor in my decision. The team size, which is extremely small, meant that my work would have a real impact on the products/services/etc I’d be working on, and that was also another great opportunity that I think an internship is good for.

Another important factor was ReactOS, which didn’t seem to hinder at all my work at Apple, as well as the friendliness of all the people at Apple. I am trying to bring my girlfriend over with me for the summer, and Apple was very forthcoming in helping with this. In the end, the Apple offer was the most interesting, and the culture/ethics and work seemed the most adapted to me, as did the helpfulness of everyone involved in my interview process and offer. I felt like I was really needed, a truly unique candidate, and that was indeed a great feeling to have.

Conclusion

Please remember that this experience was unique to me; do not attempt to generalize or make any employment choices based on this experience, since you will most likely have a different one. I have however tried my best to avoid giving away any confidential or private information, so please do not ask/make comments on my offer, and perks offered, et caetera, because I will not discuss them.

I strongly recommend anyone with the opportunity to work at any of these three companies to take it, if their interest in the work they’ll be doing is high. They are all amazing companies that I’d love to work for during my life.

If there’s one lesson that I want to share from my experience it’s this: go with your interests. Don’t be amazed by perks, salaries, or other material things. Does the campus/team seem a good match? Does the work interest you? If yes, everything else should be secondary.

As some of you may or may not know, I’ve spent the last few weeks interviewing with the big three, and drove myself crazy choosing which offer to select (to be fair, I just finished interviewing with MSFT today; the offer, if any, will only come on Monday, when I make my big choice).

For the benefit of everyone, I decided that once my decision is made, I’d post more information about the process at all the three companies. How were the recruiters, the interviewers, the kind of perks to expect (yes we all know Google has free food), and more. I hope it’ll be a good write-up and perhaps end up with a chart, much like the Google/Yahoo/Windows Live(MSFT) blog post ended up.

It’s been great interviewing with all three though, and if anyone from there is reading this, thank you for everything!

I received word from Microsoft today on the status of the Vista DRM Issue that I talked about earlier. It seems that the final consensus from their internal investigation is that my method does not constitute a viable means of exploiting the driver signing/DRM model. In other words, the theory I came up with that might allow PMP to be subverted seems to have been proven false.

My original idea was to boot Vista with the /DEBUG flag and then use the internal, undocumented Kernel-Mode Debug API to load executable code in kernel-memory or to overwrite existing code (as well as to disable PatchGuard). My rationale was that PMP wouldn’t detect any issues, since no unsigned code was running in the kernel, instead, you would have code hidden in Non Paged Pool or as part of \Driver\Null’s IOCTL routine (similarly to how Johanna loaded code using the pagefile.sys). However, it seems this won’t work, I’m assuming because PMP will actually detect that you’ve booted in Debug Mode, and it will enter reduced functionality mode (Which was the hypothesis on which the entire idea depended). Since I don’t know more about PMP, I’m not sure if this is what happens, but that’s my personal guess. Either way, it seems DRM is here to stay for now.

Speaking of reduced functionality mode, if you turn off the Secured Licensing Service (SLsvc) in Vista, the Control Panel and Windows Update stop working. I was disabling services to get a minimalistic Vista desktop (I don’t like booting with 50 processes on startup), and I didn’t care about this service, disabling it and assuming PMP would block me from playing BluRay/HDDVD (Which I don’t have)… but I never guessed it would kill the Control Panel. Seems kinda weird.

When I get back home, I’ll post a list of the only services that I’m running on Vista. It’s got all the functionality I need (Internet, Printing, Audio). I’m getting a new hard drive for my server tonight, as well as upgrading my main desktop CPU from an AMD64 X2 3800+ to an Opteron 185. That’s a jump from 2x2GHz, 1MB Cache to 2×2.6GHz, 2MB cache. I’m hoping to overclock to 2.8GHz. Do NOT get an FX-60. They’re the exact same chip, but they cost twice as much.

This Monday, I’ve had the chance to speak at the University of Waterloo, in Ontario, Canada, which is one of the top engineering and computer science universities in Canada, responsible for applications such as Maple. My short lecture was on using ReactOS in the academic environment, as well as presenting students and other attendees with a brief overview of Windows NT and ReactOS architecture.